Beginner need help (unrecognized clients)

Frank Wei Frank.Wei at 4rf.com
Mon Sep 29 07:09:58 CEST 2014


Dear friends,

I have added clients

client private-network-1 {
        ipaddr          = 192.168.0.244
        netmask         = 24
        secret          = testing123-1
        shortname       = private-network-1
}

To the clients.conf.

And run command "radius -X". From the debug message I can see the added client loaded.

Then from my NAS (with IP 192.168.0.244) I sent an "authentication only" request to the server. The server showed me a message:

Ignored,.....Unrecognized client "192.168.0.244" port "1222".

What is wrong with my config?

Regards,
Frank


-----Original Message-----
From: freeradius-users-bounces+frank.wei=4rf.com at lists.freeradius.org [mailto:freeradius-users-bounces+frank.wei=4rf.com at lists.freeradius.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: Thursday, 25 September 2014 6:49 p.m.
To: FreeRadius users mailing list
Subject: Re: Beginner need help

Hi,

> My understanding is that source IP address of the Access-Request packets must be the NAS IP address which is "NAS-IP-Address". Apparently this is different to the Attribute description.
>
> Could anybody explain?

sure.

the NAS-IP-Address is set by the NAS - so it SHOULD be its IP address in a nice world. okay
that's clear....however, the packet might be reaching your RADIUS server via some other
route - let's say, eg a NAT gateway, a RADIUS server (it has been proxied) or from some
central controller (thinking of some of the WiFi solutions out there) - in which case
the NAS-IP-Address is NOT the source IP address of the packet.


the NAS-IP-Address is also part of the RADIUS datagram - so you've already started to
analyse the packet contents really before you can - eg how did you ensure the packet
contents were correct, verify the message authenticator or ensure the content values
by using the shared secret?  you didn't.

the RADIUS datagram comes in. you see the source address of the packet. look up the client,
get its shared secret, work on the packet.

alan
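The processing order described in the reply above (source address, then shared secret, then packet contents), as an added example that is not part of the original thread and is not FreeRADIUS code. The client table and packets are constructed, build_request is a hypothetical helper, and the sketch assumes every request carries a Message-Authenticator attribute.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 4, 80  # RADIUS attribute types
# Constructed client table; the entry mirrors the clients.conf block in the post.
CLIENTS = [(ipaddress.ip_network("192.168.0.244/24", strict=False), b"testing123-1")]

def parse_attrs(packet):
    """Yield (type, value_offset, value) per attribute; ValueError if malformed."""
    pos = 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        yield atype, pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def handle(src_ip, packet):
    """Return (verdict, NAS-IP-Address or None) for a datagram from src_ip."""
    # Step 1: nothing in the packet is trusted yet, so match on the source address.
    secret = next((s for net, s in CLIENTS if ipaddress.ip_address(src_ip) in net), None)
    if secret is None:
        return "ignored: unrecognized client", None
    if len(packet) < 20:
        return "dropped: short packet", None
    # Step 2: HMAC-MD5 over the packet with the Message-Authenticator value zeroed.
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]
    attrs = list(parse_attrs(packet))
    ma = [(off, val) for t, off, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(ma) != 1 or len(ma[0][1]) != 16:
        return "dropped: missing or malformed Message-Authenticator", None
    off, received = ma[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    if not hmac.compare_digest(received, hmac.new(secret, zeroed, hashlib.md5).digest()):
        return "dropped: bad Message-Authenticator", None
    # Step 3: only now is NAS-IP-Address (or any other attribute) worth reading.
    nas = next((val for t, _, val in attrs if t == NAS_IP_ADDRESS and len(val) == 4), None)
    return "accepted", str(ipaddress.ip_address(nas)) if nas else None

def build_request(secret, nas_ip):
    """Build a constructed Access-Request (code 1) carrying NAS-IP-Address."""
    attrs = bytes([NAS_IP_ADDRESS, 6]) + ipaddress.ip_address(nas_ip).packed
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", 1, 1, 20 + len(attrs)) + os.urandom(16) + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
```

A request whose NAS-IP-Address is 10.1.1.1 is accepted when it arrives from 192.168.0.244 and ignored when it arrives from 10.1.1.1, because the client match never looks inside the packet.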

